Software

group_project

Visible to the public EDU: Collaborative: When Cyber Security Meets Physical World: A Multimedia-based Virtual Classroom for Cyber-Physical Systems Security Education to Serve City / Rural Colleges

This project establishes a multimedia-based virtual classroom with a virtual lab teaching assistant for the education of cyber physical system (CPS) security. Such a virtual classroom helps college students in resource-limited rural areas to learn the latest CPS security knowledge via an on-line peer-to-peer learning environment with other students from larger schools.

group_project

Visible to the public TWC: Small: Securing the New Converged Telephony Landscape

The telephony system, which enabled near universal voice communication, has undergone a dramatic change due to technological advances and legal and regulatory changes. Although these changes offer many benefits, including low cost calling and richer functionality, they have introduced new vulnerabilities that can seriously undermine the trust people have in transactions conducted over the telephony channel. In fact, caller impersonation and social engineering over the phone are increasingly being used to commit fraud and steal credentials for online account takeovers.

group_project

Visible to the public TWC: Medium: TCloud: A Self-Defending, Self-Evolving and Self-Accounting Trustworthy Cloud Platform

The use of cloud computing has revolutionized the way in which cyber infrastructure is used and managed. The on-demand access to seemingly infinite resources provided by this paradigm has enabled technical innovation and indeed innovative business models and practices. This rosy picture is threatened, however, by increasing nefarious interest in cloud platforms. Specifically, the shared tenant, shared resource nature of cloud platforms, as well as the natural accrual of valuable information in cloud platforms, provide both the incentive and the possible means of exploitation.

group_project

Visible to the public TWC: Medium: Collaborative: DIORE: Digital Insertion and Observation Resistant Execution

Cloud computing allows users to delegate data and computation to cloud providers, at the cost of giving up physical control of their computing infrastructure. An attacker with physical access to the computing platform can perform various physical attacks, referred to as digital insertion and observation attacks, which include probing memory buses, tampering with memory, and cold-boot style attacks. While memory encryption can prevent direct leakage of data under digital observation, memory access patterns to even encrypted data may leak sensitive information.

group_project

Visible to the public TTP: Medium: Crowd Sourcing Annotations

Both sound software verification techniques and heuristic software flaw-finding tools benefit from the presence of software annotations that describe the behavior of software components. Function summaries (in the form of logical annotations) allow modular checking of software and more precise reasoning. However, such annotations are difficult to write and not commonly produced by software developers, despite their benefits to static analysis. The Crowdsourcing Annotations project will address this deficiency by encouraging software-community-based crowd-sourced generation of annotations.

group_project

Visible to the public TWC: Medium: Collaborative: Towards Securing Coupled Financial and Power Systems in the Next Generation Smart Grid

For nearly 40 years, the United States has faced a critical problem: increasing demand for energy has outstripped the ability of the systems and markets that supply power. Today, a variety of promising new technologies offer a solution to this problem. Clean, renewable power generation, such as solar and wind are increasingly available. Hybrid and plug-in electric vehicles offer greater energy efficiency in transportation.

group_project

Visible to the public TWC: Medium: Collaborative: Breaking the Satisfiability Modulo Theories (SMT) Bottleneck in Symbolic Security Analysis

The security of our software is critical for consumer confidence, the protection of privacy and valuable intellectual property, and of course national security. Because of our society's increased reliance on software, security breaches can lead to serious personal or corporate losses, and endanger the privacy, liberties, and even the lives of individuals. As threats to software security have become more sophisticated, so too have the techniques and analyses developed to improve it. Symbolic execution has emerged as a fundamental tool for security applications.

group_project

Visible to the public TWC: Medium: Collaborative: Breaking the Satisfiability Modulo Theories (SMT) Bottleneck in Symbolic Security Analysis

The security of our software is critical for consumer confidence, the protection of privacy and valuable intellectual property, and of course national security. Because of our society's increased reliance on software, security breaches can lead to serious personal or corporate losses, and endanger the privacy, liberties, and even the lives of individuals. As threats to software security have become more sophisticated, so too have the techniques and analyses developed to improve it. Symbolic execution has emerged as a fundamental tool for security applications.

group_project

Visible to the public TWC TTP: Small: Security, Privacy, and Trust for Systems of Coordinating Medical Devices

To lower costs and improve outcomes in current medical practice we need integrated interoperable medical systems to provide machine-assisted care, interaction detection, and improved alarm accuracy, to name just a few uses. This project is developing both the theory and practice to ensure the safety of next-generation medical devices by allowing secure coordination and composition, in facilities as small as a local doctor's office or as large as a multi-campus hospital.

group_project

Visible to the public TWC: Phase: Small: Software Cruising for System Security

Software bugs and vulnerabilities are primary causes for cyber-security breaches in today's society. Runtime monitoring, a technique to enforce safety and security properties at program execution time, is essential to detect intrusions and keep the system healthy. One of the main obstacles to adopt runtime monitoring techniques in practice is high performance overhead. Inlined security monitoring enforcement often delays and blocks the execution of protected programs.